As a company grows in size and its public image becomes more and more prominent, it is inevitable that it will become a more attractive target to attackers – whether it be the prime focus of an attack, or the low-hanging fruit attached to a greater one. I certainly see this with my employer, and the effort put into some emails that were forwarded to me for inspection following my most recent social engineering test has very much illustrated that we are on the radar of some people who possess both determination and resources. However, regardless of how much effort you put into education, you’re still guaranteed to get someone who opens a malicious attachment, so to guide incident response you need to analyse the behaviour of the file(s) in order to have meaningful data to work with.
After a few months of hacking about in it, this morning I encountered a rather fatal issue with one of my Linux Mint installs which utilises both full disk and home folder encryption. Usually this wouldn’t bother me so much as a fresh install is always nice (particularly since Linux Mint 17.1 is now out), but last night I made some changes to a script and hadn’t yet committed them to my BitBucket repo…
Here’s how I recovered the file.
Continue reading “when FDE becomes your enemy”